Solved

Question on CISSP

Posted on 2006-11-18
8
724 Views
Last Modified: 2008-01-16
I am seeking information.

I have been in networking and involved in network security for 20 years, but I've never taken a security certification exam, with the exception of the SANS GSEC earlier this year. I have found that experience has always carried more weight than the cert. However, there is a job coming up that requires a CISSP and a CISA. If I want to apply, I need at least one of the certs. I have the TESTOUT CBT CDs for the CISSP, and I was wondering, for those who have dedicated themselves to studying and successfully passing the CISSP exam, how long did it take?

I could attend a boot camp, for the CISSP, in the very near future and knock this out very quickly.

I would really like to know, for those who have passed the CISSP, how long did it take? I realize the exam covers a pretty broad area. The same information for the CISA would also be helpful.    
0
Comment
Question by:jhhaley
8 Comments
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17976417
I haven't taken the test (yet) but most of my colleagues have.  Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option.  It does cover a very broad scope of material AFAIK, and I don't think you'll have to go so in depth as to pull out a lot of math for cryptanalysis.
0
 
LVL 1

Author Comment

by:jhhaley
ID: 17977019
LindyMoff: Thanks for the response, you made the following comment:

"Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option."

Did you mean that they took a couple of weeks to get through it (exam) in conjunction with a boot camp, or did they self-study?


For All: The boot camp I was considering is sponsored by www.cedsolutions.com. Has anyone taken training at this location and were you happy with the training? I am looking at Atlanta for the training location.  
0
 
LVL 17

Accepted Solution

by:
Dushan911 earned 125 total points
ID: 17977048
Yes, those 10 CDs are very good. They cover most of the things in the 10 domains.
For the CISSP exam you must know things across one square mile, but with only one inch deep knowledge.

You must read "SHON HARRIS - CISSP Certification Exam Study Guide" --> it explains things in a very simple manner. One of my friends passed the CISSP by reading only this book.

And another friend of mine (a busy friend) got 655/1000 marks (need 700 marks to pass). --> He went through only the "CISSP Prep Guide"; it covers all the topics in a summarized manner.

But I'm advising you to read the "CISSP Official Guide" also.

And if you are very experienced in network (security), I don't think you must attend the boot camp. But you should read at least the above 3 books (at least one book very well). But if you can attend a boot camp, it will be good. But I don't have experience with boot camps.

And if you are planning on a boot camp, I'm advising you to attend the official boot camp.

You can check the official CISSP web site.
www.isc2.org
You can register for official boot camps from the ISC2 web site, according to your location. And you must register for the CISSP exam from the same site.

And you can see the current CISSP member list (including their CVs).

And you can take online practice exams from http://www.cccure.org/; you can select questions according to the weight of the questions. (CISSP questions have weight 1-5.)


ALL THE BEST!

BR Dushan
0
 
LVL 17

Expert Comment

by:Dushan911
ID: 17977073
I don't know about www.cedsolutions.com.
I'm advising you to take official training from ISC2.

You can search examination dates/times/locations from the following link.
https://www.isc2.org/cgi-bin/exam_schedule.cgi?displaycategory=1182

Results will show exam dates and official seminar (boot camp) dates.

These official seminars will help full 5 days. And seminars are normally scheduled 2-3 weeks before the exam. (Exams are scheduled at the same location.)

BR Dushan
0

 
LVL 17

Expert Comment

by:Dushan911
ID: 17977091
After studying, you can check your knowledge/standard.

http://www.cccure.org/quiz/quiz.php

You can answer questions according to domain. Or you can select multiple domains with the shift key.

BR Dushan
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17977219
Yeah, I don't know much about ced... but I think so long as you have the study CDs it would probably be just fine.  When I said 2 weeks I meant a week of self-study followed by a week of boot camp (through ISC2) and then the exam.  It's all subjective though :)
0
 
LVL 17

Expert Comment

by:Dushan911
ID: 17977381
Yes. If you study hard, two weeks will be enough. But it will depend on you (studying way and frequency of capturing the knowledge). After studying you can check your standard via www.cccure.org kind of quiz sites. ;)
But I'm advising you to study at least two months, because it covers a huge area. I mean not one section deeply; it covers most sections overall. So it will take time to understand most of the management concepts, because most of the questions are related to decision making, management, etc. Not much deep technically. But to make those decisions you should know the technical terms and usage of technology very well (mostly via experience).

BR Dushan
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 175 total points
ID: 17980673
Jhhaley, I was in a very similar situation a while ago. Broad IT experience of almost 20 years, but no certification.
After looking through all possible certifications I chose CISSP because it covers a really broad range of topics, is vendor independent and is highly praised.
Because of my experience I did not want to take a course or follow a boot camp, because of the possibility of lots of overlaps with my own experience. That seemed like wasted time.
Also important for me was passing the first time. I did not want to spend the same time and money again to retake an exam, so I wanted to be very well prepared.
This is what I did:
- Downloaded the study guides from ISC2.org. They are free (after registration) and then you'll know what you are up against.
- Bought the following book: "Shon Harris, CISSP All In One Exam Study Guide Third Edition" as my main study guide. It's very clear, easy to follow and the sample questions prepare you very well on the type of questions you will get at the exam.
- Also bought: "The CISSP Prep Guide, Second Edition: Mastering the CISSP and ISSEP™ Exams by Ronald L. Krutz and Russell Dean Vines (Wiley Publishing)" as my secondary study guide. As I did not follow any courses - just self study - I really wanted a second opinion.
- Downloaded the open study guides from http://www.cccure.org/ , as a third opinion :-)
Then I did a quick run through the Harris' book, just to know what it's all about and where I'm really not up to speed.
After doing that I knew that I would really have to study on security management practices, cryptography and security architectures and models. Because I had the least experience with those.

Then up to studying. I had two months to prepare, while in the same period I had my full-time job + I was teaching 2003 server courses in the evening twice a week.
Used up all my other spare time in that period. After that I felt ready. I estimate that it took me about 200 hours of intense studying. Your mileage may vary, as I also had the language barrier of English. English is my third language, after Dutch and French. FYI, sometimes I took a side track by looking through the recommended readings which you will find in Harris' book.
After studying each chapter of Harris' book I took the test questions at the end of each chapter. I kept score. Studying that first book took about three quarters of my time. Next ones go a lot faster.
After finalizing that book I read Krutz' book - skipping the ISSEP part - and also took the test questions which are in there. And again I kept score. After two test rounds you will know where you will have to work at. I then used the open study guides. And did a third round of tests, this time the full test from the CD included with Harris' book. This test prepares you well for the sheer volume of the exam.
Based on my three scores and which questions I did not pass, I then brushed up on the harder topics.
Also, during the studying I made a lot of notes. The day before the exam, I only ran through my own notes as those contained all information I felt I needed, in a condensed form.

I also followed these tips very closely: http://certcities.com/editorial/tips/story.asp?EditorialsID=21
It contains sound advice, also for taking the exam itself.

In my opinion, both Harris and Krutz are must reads, but if I had to choose one then I would choose Harris. As a matter of fact I did so. I'm teaching a CISSP course here in Belgium (starting next January) and have chosen Harris' book as the study guide for my students. The course is not a boot camp, as it takes 75 hours (double that of a boot camp) and is spread over 3 months. Because I believe you can only hold your attention for a limited time. And I also make that course more practical by adding ISO 17799 to it, for building a security plan. But that's not a must for passing the exam.
What I'm saying is -  like Dushan - if you can: spread your studying. Don't try to cram it in 2 weeks. And a boot camp alone will certainly not be enough.
If you really have to take it in two weeks, and you have those two weeks completely free, then you might give it a shot. If that's the only time you have, and you are already very experienced, then I would not waste any time on a boot camp. With self study you can adapt much more flexibly to your own knowledge.
Also: take enough breaks and have some relaxing time in between.

BTW, I passed first time :-)

Good luck, and I hope to welcome you as a CISSP very soon. The more security knowledge out there, the better. And it's indeed an excellent career advancer.

J.
0
